DeFiHardhat
35,000 USDC
Submission Details
Severity: low
Invalid

LibFertilizer.addUnderlying contains an ignored return value.

Summary:

The return value of the external call IERC20(barnRaiseToken).transferFrom(msg.sender, address(this), uint256(tokenAmountIn)) is never checked.

Vulnerability Details:

In Solidity, ERC20 is the common standard for token contracts. Its transferFrom function moves tokens from one address (the sender) to another. Here it is used to pull tokenAmountIn tokens from the user (msg.sender) into the contract itself (address(this)).

The issue is that the call site does not handle the return value of transferFrom. Depending on the token implementation, transferFrom may return a boolean (true on success, false on failure) or it may revert the transaction on error (for example, insufficient balance or allowance). A token that signals failure by returning false is silently treated as having succeeded.

Impact:

By ignoring the return value, the addFertilizer function continues executing whether or not the token transfer succeeded. This can lead to unexpected behaviour:

Failed transfer: If the transfer fails (e.g., due to insufficient funds) on a token that returns false instead of reverting, the addFertilizer function still updates the contract's internal state (such as unfertilizedIndex and fertilizer) while no tokens are deducted from the user's wallet. This leaves the contract in an inconsistent state.
Reentrancy attack: In some cases, ignoring the return value can expose the function to a reentrancy attack, where an attacker exploits the gap between the external call and the state update to call the function again before the first call's state update is confirmed.

Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unchecked-transfer

Tools Used:

Slither

Recommendations:

  1. Check the return value: Instead of ignoring the return value, explicitly check that it is true and revert the transaction if the transfer fails, e.g. require(IERC20(barnRaiseToken).transferFrom(msg.sender, address(this), uint256(tokenAmountIn)), "Token transfer failed");

  2. Use a safe transfer function: Some ERC20 token implementations offer a safeTransferFrom function that not only transfers tokens but also includes checks to ensure the transfer succeeded, which is the more convenient approach.

By properly handling the return value, you can ensure that the addFertilizer function only updates the contract's state if the token transfer is successful, reducing the risk of errors and vulnerabilities.
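As an added illustration (not Beanstalk's own code), the unchecked pattern from the finding beside the two recommended fixes. The contract name, the `underlying` mapping, the uint128 parameter type and the OpenZeppelin SafeERC20 library are assumptions; barnRaiseToken and tokenAmountIn are the names used in the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Illustrative contract (added example, not Beanstalk code). It mirrors the
/// pattern in LibFertilizer.addUnderlying: pull barnRaiseToken in, then
/// account for it. `underlying` stands in for the library's internal state.
contract UnderlyingDeposit {
    using SafeERC20 for IERC20;

    IERC20 public immutable barnRaiseToken;
    mapping(address => uint256) public underlying;

    constructor(IERC20 token) {
        barnRaiseToken = token;
    }

    /// BEFORE: the boolean returned by transferFrom is dropped. A token that
    /// signals failure by returning false (rather than reverting) leaves this
    /// call succeeding with `underlying` credited and no tokens received.
    function addUnderlyingUnchecked(uint128 tokenAmountIn) external {
        barnRaiseToken.transferFrom(msg.sender, address(this), uint256(tokenAmountIn));
        underlying[msg.sender] += tokenAmountIn;
    }

    /// Recommendation 1: require the boolean. Correct for tokens that return
    /// bool, but a token whose transferFrom returns no data (some older
    /// deployments) makes this revert while ABI-decoding the missing bool.
    function addUnderlyingRequire(uint128 tokenAmountIn) external {
        require(
            barnRaiseToken.transferFrom(msg.sender, address(this), uint256(tokenAmountIn)),
            "Token transfer failed"
        );
        underlying[msg.sender] += tokenAmountIn;
    }

    /// Recommendation 2: SafeERC20.safeTransferFrom reverts if the call
    /// reverts or returns false, and accepts empty return data as success
    /// (the token must have code). This covers both token families above,
    /// so state is only updated once the tokens have actually moved.
    function addUnderlyingSafe(uint128 tokenAmountIn) external {
        barnRaiseToken.safeTransferFrom(msg.sender, address(this), uint256(tokenAmountIn));
        underlying[msg.sender] += tokenAmountIn;
    }
}
```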

Updates

Lead Judging Commences

giovannidisiena Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Unchecked transfers
